LGTM1 % explainer update

On Wed, Jun 1, 2022 at 12:55 PM Daniel Vogelheim <vogelh...@google.com>
wrote:

> On Wed, Jun 1, 2022 at 11:47 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
>
>>
>>
>> On Wed, Jun 1, 2022 at 11:09 AM Daniel Vogelheim <vogelh...@chromium.org>
>> wrote:
>>
>>> Contact emails: vogelh...@chromium.org, mk...@chromium.org,
>>> l...@chromium.org
>>>
>>> Explainer: https://github.com/WICG/sanitizer-api
>>> https://web.dev/sanitizer
>>>
>>> Specification: https://wicg.github.io/sanitizer-api
>>>
>>> Docs: https://web.dev/sanitizer
>>> https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API
>>>
>>> Summary
>>>
>>> The Sanitizer API offers an easy to use and safe by default HTML
>>> Sanitizer API, which developers can use to remove content that may execute
>>> script from arbitrary, user-supplied HTML content. The goal is to make it
>>> easier to build XSS-free web applications. The intended contributions of
>>> the Sanitizer API are: Making a sanitizer more easily accessible to web
>>> developers; be easy to use and safe by default; and shift part of the
>>> maintenance burden to the platform. This is the initial "MVP". This
>>> implements the current spec except for two features, the .sanitize and
>>> .sanitizeFor methods on the Sanitizer object, in order to leave room for
>>> more discussion. Our intent is to add the missing features once the
>>> discussion has run its course. In all other aspects, this launch faithfully
>>> implements the spec as currently written. We feel the current
>>> implementation already adds substantial value to the web platform as-is.
>>>
>>
>> So will this only support the `setHTML()` option initially?
>>
>
> Yes, exactly.
>

It'd be good to update the explainer to indicate that more clearly. Right
now, `setHTML()` is not well-represented there. We should also make sure
that developers don't assume that the existence of a `Sanitizer` object
implies the existence of `Sanitizer.sanitize` and feature-detect for it.



>
>
>>>
>>> Blink component: Blink>SecurityFeature>SanitizerAPI
>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ESanitizerAPI>
>>>
>>> TAG review: https://github.com/w3ctag/design-reviews/issues/619
>>>
>>> TAG review status: Issues addressed
>>>
>>> Risks
>>> Interoperability and Compatibility
>>>
>>> This is a new API that does not modify existing behaviour. A
>>> comprehensive WPT test suite ensures cross-browser compatibility.
>>>
>>> *Gecko*: In development (
>>> https://github.com/mozilla/standards-positions/issues/106)
>>> Standards Position:
>>> https://github.com/mozilla/standards-positions/issues/106
>>> A prototype is in development:
>>> https://groups.google.com/g/mozilla.dev.platform/c/C4EHeQlaMbU/m/C8hNg9ehBwAJ
>>>
>>> *WebKit*: No signal (
>>> https://lists.webkit.org/pipermail/webkit-dev/2021-March/031731.html,
>>> https://lists.webkit.org/pipermail/webkit-dev/2022-March/032155.html) A
>>> position statement has been requested. The answer received to date
>>> (2021-03-18) avoids giving a definite answer one way or another. Please
>>> follow the links for details.
>>>
>>> *Web developers*: Positive. There have been several articles or blog
>>> posts about the Sanitizer API, with a generally positive undertone.
>>> Examples:
>>> https://portswigger.net/daily-swig/google-mozilla-close-to-finalizing-sanitizer-api-for-chrome-and-firefox-browsers
>>>
>>> https://blog.bitsrc.io/javascript-sanitizer-api-the-modern-way-to-safe-dom-manipulation-828d5ea7dca6
>>>  https://css-tricks.com/html-sanitizer-api/
>>>
>>>
>>> Security
>>>
>>> The goal of this feature is to make security more accessible. We
>>> generally consider this feature low risk, since it's an additive feature
>>> that does not extend or interact with existing platform security
>>> mechanisms. The specification lists several security risks that are being
>>> considered during development of the feature:
>>> https://wicg.github.io/sanitizer-api/#security-considerations
>>>
>>>
>>> WebView application risks
>>>
>>> n/a
>>>
>>>
>>>
>>> Debuggability
>>>
>>> Sanitizer API can be readily debugged with existing DevTools. It does
>>> not have hidden state (or other "special" integration) that would warrant
>>> customized DevTools support.
>>>
>>>
>>> Will this feature be supported on all six Blink platforms (Windows, Mac,
>>> Linux, Chrome OS, Android, and Android WebView)? Yes
>>>
>>> Is this feature fully tested by web-platform-tests
>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>> Yes
>>>
>>> Flag name: SanitizerAPIv0
>>>
>>> Requires code in //chrome? False
>>>
>>> Tracking bug: https://crbug.com/1101982
>>>
>>> Launch bug: https://crbug.com/1306863
>>>
>>> Measurement: Several counters for API calls are defined. (E.g.
>>> https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI%20file:%5C.idl$
>>> <https://source.chromium.org/search?q=MeasureAs%3DSanitizerAPI+file%3A%5C.idl%24>
>>>  )
>>>
>>> Estimated milestones
>>>
>>> 105
>>>
>>> Anticipated spec changes
>>>
>>> The plan of record is to migrate the current WICG spec to HTML proper:
>>>
>>> * https://github.com/WICG/sanitizer-api/issues/114
>>>
>>> * https://github.com/whatwg/html/issues/7197
>>>
>>>
>>> Two apparently contentious API choices were removed from this launch,
>>> which is what makes this an MVP. By making sure the MVP only contains
>>> agreed upon APIs we allow for the future evolution of the API in any
>>> direction.
>>>
>>> * https://github.com/WICG/sanitizer-api/issues/129
>>>
>>> * https://github.com/WICG/sanitizer-api/issues/128
>>>
>>>
>>> The present spec requires a secure context. This might be dropped in a
>>> future version.
>>> * https://github.com/WICG/sanitizer-api/issues/122
>>>
>>> The present spec does not support namespaced content (like SVG or
>>> MathML). This is likely to be added in a future version.
>>>
>>>   Link to entry on the Chrome Platform Status
>>> https://chromestatus.com/feature/5786893650231296
>>>
>>> This intent message was generated by Chrome Platform Status
>>> <https://chromestatus.com/>; plus manual editing.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "blink-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to blink-dev+unsubscr...@chromium.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com
>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
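
The feature-detection point raised in the reply above, as an added example that is not part of the original thread or of the Chromium code base: each method is probed on its own, so a page running on the MVP (constructor and `setHTML()` only) never calls `.sanitize` or `.sanitizeFor` just because `Sanitizer` exists. The names `detectSanitizerSupport`, `renderUntrusted` and `fakeGlobal` are hypothetical, and the stand-in globals are constructed so the block runs outside a browser.

```javascript
// Added example: feature detection for the Sanitizer API MVP.
// `root` is any global-like object (pass globalThis in a browser).
function detectSanitizerSupport(root) {
  const S = root.Sanitizer;
  const E = root.Element;
  const hasCtor = typeof S === "function";
  const proto = hasCtor ? S.prototype : null;
  return {
    sanitizerObject: hasCtor,
    // Probe each method separately: the MVP ships the constructor
    // and setHTML() without .sanitize / .sanitizeFor.
    setHTML: typeof E === "function" && typeof E.prototype.setHTML === "function",
    sanitize: hasCtor && typeof proto.sanitize === "function",
    sanitizeFor: hasCtor && typeof proto.sanitizeFor === "function",
  };
}

// Hypothetical helper: insert untrusted markup using only what was detected.
function renderUntrusted(el, html, support) {
  if (support.setHTML) {
    el.setHTML(html); // sanitized by the platform, safe by default
    return "setHTML";
  }
  el.textContent = html; // inert fallback: shown as text, never parsed as HTML
  return "textContent";
}

// Constructed stand-ins for browser states (assumption: not real DOM classes).
function fakeGlobal({ setHTML, sanitize }) {
  class Sanitizer {}
  class Element {}
  if (sanitize) {
    Sanitizer.prototype.sanitize = function () {};
    Sanitizer.prototype.sanitizeFor = function () {};
  }
  if (setHTML) {
    Element.prototype.setHTML = function (html) { this.sanitizedFrom = html; };
  }
  return { Sanitizer, Element };
}

const mvp = fakeGlobal({ setHTML: true, sanitize: false });
const fullSpec = fakeGlobal({ setHTML: true, sanitize: true });
const none = {}; // a browser without any Sanitizer API support
console.log(detectSanitizerSupport(mvp));
```

In a browser, call `detectSanitizerSupport(globalThis)` once and pass the result to `renderUntrusted`.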
